April 18, 2019 By Sumo Logic

Best Practices with AWS GuardDuty for Security and Compliance

Cloud networks are popular targets for cybercriminals, and organizations will inevitably face attacks from them. If you’ve ever administered a network of any type, you know that DDoS (distributed denial of service) attack attempts are really frequent, and there’s loads of malware out there too.

When Amazon launched AWS GuardDuty, they provided an excellent tool for enterprises to use to monitor network activity that could indicate cyber attacks. Using GuardDuty is optional, but it would be foolish to not take advantage of its capabilities in our cyber insecure world.

Enterprises and businesses of all sizes can get the most out of GuardDuty with Sumo Logic’s app.

Sumo Logic will help you implement compliance standard metrics for industry regulations such as PCI, HIPAA, SOC 2, and GDPR. You’ll know how well your AWS cloud complies at all times, and you’ll have solid compliance data whenever your network is audited.

Sumo Logic will make the everyday work of your administrators easier and more efficient by reducing the number of panels that they need to watch. Sumo Logic’s app can keep all of the GuardDuty information you need on one screen. Sumo Logic has a selection of pre-configured dashboards that you can customize for your specific needs. The UIs are beautifully simple and they make network activity and possible security incidents much easier to understand at a quick glance. Your administrators will notice a lot more without being overwhelmed.

Sumo Logic will also help you better triage and prioritize network events, and give your administrators better visibility throughout your AWS network. With these extra features and functions, your security and network teams will be able to more effectively prevent security incidents before they occur! It’s always much easier and less expensive to prevent cyber attacks than to respond to them.

Here are some simple tips and best practices to help you benefit the most from Sumo Logic’s AWS GuardDuty app.

  1. The effectiveness of AWS GuardDuty is completely dependent on your logs. Take great care in configuring your log collection for GuardDuty and Sumo Logic’s app, and make sure you configure an HTTP source with proper timestamps. Remember to deploy your Sumo Logic GuardDuty events processor; it can be done in only a few clicks! You must also remember to configure the optional environment variables through the AWS Lambda console. That way your CloudWatch event logs will be customized for your network’s particular needs.
  2. Sumo Logic is ready to help your enterprise every step of the way! Take full advantage of Sumo Logic’s Quickstart Training Webinars, which are free for all Sumo Logic users. Sumo Logic’s Webinars cover how to create and modify dashboards, how to create alerts and schedule searches, how to save and publish searches, how to set your user preferences, and even how to use advanced analytics. These Webinars will give you confidence in using Sumo Logic’s app to its maximum potential.
  3. One of the most useful features of Sumo Logic’s app is the ability to visualize your data with eye-catching and easy-to-understand charts. Some of the chart options include map charts for showing IP addresses from log messages, pie charts for comparing different types of events, bar charts for seeing the number of events that have occurred, area charts for visualizing data changes, and box plot charts to show groups of data using quartiles. Getting the most out of Sumo Logic’s charts will make using GuardDuty much more intuitive for your human administrators.
  4. Customize Sumo Logic’s dashboards for your network’s specific needs. There are all kinds of options available to make dashboards a powerful interface for getting the most out of AWS GuardDuty. You can add text panels to complement a dashboard’s data presentation. The look and feel of dashboards can be tweaked to an administrator’s liking by arranging panels in many different ways and by toggling the theme to choose colors that are easy on the eyes. Dashboards can also be easily shared with your organization so that everyone who needs GuardDuty data will have access to it.
  5. In addition to Webinars, Sumo Logic also provides help in many other ways which you should feel free to use whenever you need it. Sumo Logic has a customer Slack channel, a DocHub full of useful documentation, a Sumo Logic Community forum for quick answers to your questions, and the ability to create tickets with our support department for in-depth assistance. Never hesitate to use the many resources that are available for Sumo Logic users.

When you keep these tips in mind, Sumo Logic’s app for AWS GuardDuty will be a powerful tool for keeping your infrastructure secure.
